KMAC submission

[hoxxep]

I have tried to follow the RustCrypto MACs workflow, and used the traits as best I can.

This implements KMAC128, KMAC256, KMACXOF128, and KMACXOF256.

Key deviations from the existing mac traits:

• Mac::finalize() outputs a 32-bit digest for KMAC128, and 64-bit for KMAC256 following the NIST default MAC output length guidance in section 8.4.
• Kmac*::finalize_into(out: &mut [u8]) is a generic finalize method for any fixed output size, following section 4.3 of NIST SP 800-185. I wasn't aware of a suitable trait to express this.
  • There is Digest::finalize_into, but it's limited to the Mac-defined output size Output<Self>. This implementation allows for runtime determined output sizes. In either case, it suggests we should rename this method to avoid conflicts with the Digest trait.
• ExtendableOutput::finalize_xof() is used to implement KMACXOF128 and KMACXOF256. We could add an ExtendableMac trait to incorporate ExtendableOutput?
• Kmac*::new_customization(secret: &[u8], customization: &[u8]) is used to initialize with a customization string, and again I wasn't aware of any suitable existing trait to express this.

I'd be happy to try to add traits for this, if you believe this is the right direction? The crate should already be useful in it's current form though, and we could add traits later.

Happy to hear any feedback!

Related issues:

• https://github.com/RustCrypto/MACs/issues/133
• https://github.com/RustCrypto/MACs/issues/1